From 888073e2e83b944721f4b489562b3523298734e5 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Mon, 27 May 2024 14:26:45 +1000
Subject: [PATCH] document provider random bypass ability

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24498)
---
 doc/man7/RAND.pod | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod
index c4a630856c5..ef48a492c4c 100644
--- a/doc/man7/RAND.pod
+++ b/doc/man7/RAND.pod
@@ -54,6 +54,13 @@ only in exceptional cases and is not recommended, unless you have a profound
 knowledge of cryptographic principles and understand the implications of your
 changes.
 
+Finally, it is possible for a provider to bypass the default RAND setup for
+L<RAND_bytes(3)> and associated functions.  A provider can be specified as the
+single randomness source via the L<RAND_set1_random_provider(3)> function or via
+configuration using the B<random_provider> option in L<config(5)>.  Once specified,
+the nominated provider will be used directly when calling the L<RAND_bytes(3)>
+family of functions.
+
 =head1 DEFAULT SETUP
 
 The default OpenSSL RAND method is based on the EVP_RAND deterministic random
@@ -68,7 +75,9 @@ L<RAND_bytes(3)>,
 L<RAND_priv_bytes(3)>,
 L<EVP_RAND(3)>,
 L<RAND_get0_primary(3)>,
-L<EVP_RAND(7)>
+L<config(5)>,
+L<EVP_RAND(7)>,
+L<RAND_set1_random_provider(3)>.
 
 =head1 COPYRIGHT
 
-- 
2.47.2